We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

UK regulator issues monetary penalty for data breach

30 July 2014

Think W3 Limited, an online travel services company, has recently been served a monetary penalty of £150,000 after a lack of suitable information security allowed hackers to access over a million credit and debit card records of individuals.

The company was hacked in December 2012 and of the records obtained two thirds were out of date. Cardholder details had not been deleted since 2006 and there was no evidence of personal data being kept accurate and up-to-date.

In commenting on the enforcement action Stephen Eckersley, Head of Enforcement at the Information Commissioner's Office (ICO) said amongst other things:

"The public's awareness of the importance of data protection is rising all the time. Ignorance from data controllers is no excuse. They must take active steps to ensure the personal data they are responsible for is kept safe or face enforcement action and the resulting reputational damage."

The analysis by the ICO of data breach incidents over the past year shows that the vast majority of data breaches are caused by error although technical security failing (including hacking) is on the increase.

This article was written by Robert Bond.

For more information contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com